lp:ubuntu/hardy/apache2

Created by James Westby on 2009-11-06 and last modified on 2009-11-06
Get this branch:
bzr branch lp:ubuntu/hardy/apache2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

26. By Stefan Fritsch on 2008-01-17

* New upstream version:
  - Fixes cross-site scripting issues in
    o mod_imagemap (CVE-2007-5000)
    o mod_status (CVE-2007-6388)
    o mod_proxy_balancer's balancer manager (CVE-2007-6421)
  - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
    (CVE-2007-6422).
  - Fixes mod_proxy URL encoding in error messages (closes: #337325).
  - Adds explicit charset to the output of various modules to work around
    possible cross-site scripting flaws affecting web browsers that do not
    derive the response character set as required by RFC2616. For
    mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
    specify something else than ISO-8859-1 (CVE-2008-0005).
  - Adds mod_substitute which performs inline response content pattern
    matching (including regex) and substitution (like mod_line_edit).
  - Adds "DefaultType none" option.
  - Adds new "B" option to RewriteRule to suppress URL unescaping.
  - Adds an "if" directive for mod_include to test whether an URL is
    accessible, and if so, conditionally display content.
  - Adds support for mod_ssl to the event MPM.
* Move the configuration of User, Group, and PidFile to
  /etc/apache2/envvars. This makes it easier to use these settings in
  scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
  (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
* Make apache2ctl check the configuration syntax before trying to restart
  apache, to match the behaviour documented in the man page.
  (Closes: #459236)
* Convert docs to be directly viewable with a browser (and not use content
  negotiation).
* Add doc-base entry for the documentation. (closes: #311269)
* Don't ship default files in /var/www, but copy a sample file to
  /var/www/index.html on new installs. Also remove the now unneeded
  RedirectMatch line from sites-available/default.
  (Closes: #411774, #458093)
* Add some information to README.Debian (Apache wiki, default virtual host)
* Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
  dependencies, easing library transitions (closes: #458857).
* Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
  Patch by Nicolas Valcárcel. (Closes: #436441)
* Add reportbug script to list enabled modules.
* Fix some lintian warnings:
  - Pass --no-start to dh_installinit instead of omitting the debhelper token
    in various maintainer scripts. Also move the update-rc.d call to
    apache2.2-common.
  - Add Short-Description to init script.
* Remove unused apache2-mpm-prefork.prerm from source package and clean up
  debian/rules a bit.
* Don't ship NEWS.Debian with apache2-utils, as the contents are only
  relevant for the server.

25. By Soren Hansen on 2008-01-16

[ Nicolas Valcárcel ]
* Added icons for OpenDocuments by default on mime.conf
  (Closes: LP: #130836)
* Icons added to the package in uuencode format
* Added sharutils to Build-Depends on debian/control for uuencode
* debian/apache2.2-common.apache2.init:
  - Only look for *.conf files in /etc/apache2 when searching for pidfiles
    (Closes: LP: #112991) Thanks to Daniel Hahler for the patch

[ Soren Hansen ]
* Clean up after OpenDocument icon generation

24. By Martin Pitt on 2008-01-03

* Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
  dependencies (including db4.5).
* Modify Maintainer value to match the DebianMaintainerField
  specification.

23. By Stefan Fritsch on 2007-12-07

* Allocate fewer bucket brigades in case of a flush bucket. This might help
  with the memory leaks reported in #399776 and #421557.
* Escape the HTTP method in error messages to avoid potential cross site
  scripting vulnerabilities (CVE-2007-6203).
* Update 053_bad_file_descriptor_PR42829.dpatch to avoid a race condition.
* Redirect /doc/apache2-doc/manual/ to /manual/ in the apache2-doc config
  (Closes: #450867).
* Add icons for .ogg and .ogm (Closes: #255443).
* Add comment about how to log X-Forwarded-For (Closes: #425008).
* Make mod_proxy_balancer not depend on mod_cache.
* Add Homepage field to debian/control.
* Add/fix some lintian overrides, fix some warnings.
* Bump Standards-Version (no changes).

22. By Stefan Fritsch on 2007-10-18

* Avoid calling apr_pollset_poll() and accept_func() when the listening
  sockets have already been closed on graceful stop or reload. This
  hopefully fixes processes not being killed (closes: #445263, #447164)
  and the "Bad file descriptor: apr_socket_accept: (client socket)"
  error message (closes: #400918, #443310)
* Allow logresolve to process long lines (Closes: #331631)
* Remove duplicate config examples (Closes: #294662)
* Include README.backtrace describing how to create a backtrace
* Add CVE reference to 2.2.6-1 changelog entry

21. By LaMont Jones on 2007-10-04

Trigger rebuild for hppa

20. By Stefan Fritsch on 2007-08-07

[ Stefan Fritsch ]
* enable default site on new installs again (Closes: #436341)
* make mod_authn_dbd depend on mod_dbd
* make a2dissite return 0 if a site is already disabled (Closes: #435398)
* make a2 scripts print errors to stderr (Closes: #435400)
* move TypesConfig directive from apache2.conf to mime.conf
  (Closes: #434248)

[ Adam Conrad ]
* Special case apache2-dbg magic in debian/rules, so we don't do
  this on Ubuntu, which has an archive of detached debug packages.

19. By Martin Pitt on 2007-08-01

debian/rules: Also remove apache2-dbg from debian/files on Ubuntu, so that
dpkg-genchanges does not choke.

18. By Martin Pitt on 2007-08-01

debian/rules: Do not do the black magic for producing the -dbg package on
Ubuntu, since it breaks with pkg-create-dbgsym and is not needed for the
same reason.

17. By Stefan Fritsch on 2007-07-03

* Modularize config: Move module specific configuration from apache2.conf
  to mods-available/*conf (Closes: #338472)
* Remove the NO_START kludge. Now you have to use rc*.d symlinks to disable
  apache2. (Closes: #408462, #275561)
* Create run and lock directores in apache2ctl to make it work on fresh
  installations before the first call of the init script. Together with
  the previous item, this closes: #418499
* Disable AddDefaultCharset again (Closes: #397886)
* Make ports.conf, conf.d/charset, and /etc/default/apache2 conffiles
  managed by dpkg
* Listen on port 443 by default if mod_ssl is loaded (Closes: #404598)
* Add logic to start htcacheclean as daemon or cronjob. The configuration
  is in /etc/default/apache2
* Fix security issues:
  - CVE-2007-3304: prevent parent process to send SIGUSR1 to arbitrary
    processes
  - CVE-2006-5752: XSS in mod_status
* Add init.d dependency info from insserv overrides to /etc/init.d/apache2
* Replace apachectl with apache2ctl in docs (Closes: #164493)
* Add usage message to apache2ctl (Closes: #359008)
* Make -dev packages priority extra
* Add secure example cipher/protocol configuration to ssl.conf
* Update watch file (Closes: #433552)
* Bump dh_compat to 5
* Add new package apache2-dbg with debugging symbols
* Fix mod_cache returning 304 instead of 200 on HEAD requests

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/apache2
This branch contains Public information 
Everyone can see this information.

Subscribers